Overview

When the commercial banking division of this global bank used a financial exchange to transfer customer transaction data to money management applications, it needed to ensure that the exchange did not present new opportunities for fraudsters.

With ThreatMetrix, this global bank can:

Gain clearer visibility into customer traffic on its financial exchange

Improve the customer experience for trusted, returning users

Business Problem

Many businesses and consumers track their income and expenses using money management applications to help give them a comprehensive view of their finances by creating budgets, tracking and paying bills, and categorizing transactions all in one place. Customers link money management applications to their bank and credit card accounts by passing their user information through the applications. Transaction data is then transferred from the banks over the Internet via a financial exchange to the applications. Many banks use Open Financial Exchange (OFX), which is an open standard API, to provide data to financial applications such as those used for banking, stock portfolios, budgeting, and money management.

When servers began crashing at this global bank, it became apparent that its financial exchange was vulnerable to fraudsters who were performing high velocity credentials testing. Once stolen credentials are verified, fraudsters often use them to perform additional crimes or sell them on the dark web. This global bank needed a fraud solution that could provide insight into activities occurring on its financial exchange and block fraudulent traffic without causing friction for legitimate customers.

Harnessing the Power of a Global Network

The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting the bank to potential fraud.

Detecting Stolen Credentials and Identity Testing Attacks

As global data breaches continue to feature in the evolving cybercrime story, fraudsters have easy access to vast swathes of stolen identity credentials. They often mass test these credentials using automated bot attacks, validating and augmenting existing data to create more complete stolen identities, making it harder than ever for digital businesses to really know who they are transacting with. ThreatMetrix is able to detect these credential testing attacks, even if fraudsters adjust the velocity to appear more like legitimate customer traffic, by accurately pinpointing behavioral anomalies between the digital identity of a trusted user and a fraudster.

ThreatMetrix detects bot attacks using context-based information to perform behavioral analysis of users during periods of normal operation and compares such data to that gathered during an attack, enabling the bank to differentiate between a human and a bot the moment they login/transact.

ThreatMetrix deep connection analysis technologies detect the use of technologies such as hidden proxies and VPNs and allow the bank to see the true IP address, geolocation and other attributes of each event, backed by global identity data over time.

ThreatMetrix SmartID identifies returning users that wipe cookies, use private browsing and change other parameters to bypass device fingerprinting. This improves returning user detection, reduces false positives and helps identify fraudsters who might be using the same device to make multiple payments.